
Avira - NOAH17 Berlin


How to Keep 8 Billion People and >50 Billion Devices Safe in 2020? - Workshop by Travis Witteveen, CEO and Adrian Cismas, IoT Labs of Avira at the NOAH Conference Berlin 2017, Tempodrom on the 23rd of June 2017.


  1. 1. How to keep 8 billion people and >50 billion devices safe in 2020? adrian.cismas@avira.com
  2. 2. GET YOUR TICKET TODAY! www.noah-conference.com 6-7 Old Billingsgate, London Tempodrom, Berlin JUN20182-3 NOV2017 SAVE THE DATE
  3. 3. 2017 2027 10 yrs $200 security updates automatic updates security research team = electronics & connectivity -
  4. 4. Cheap Secure Smart
  5. 5. The Internet of Ransomware Things
  6. 6. Attack surfaces
  7. 7. IoT stack
     • Applications: Web / mobile apps, third party integrations
     • Cloud services: Web services, RESTful APIs, analytics, integrations
     • Communication: Local and remote communication protocols
     • Device firmware: Device firmware and the update distribution process
     • Embedded device: On-die devices (memory, flash, cpu)
  8. 8. Threats
     • Device control hijack
     • Reprogramming
     • Man in the middle
     • Jamming / Blocking
     • Replay
     • Cloning
     • Data theft
  9. 9. Sane design tips.
  10. 10. What is the goal? A good aim is to avoid dangerous attacks.
      Annoying attack:
      • A motivated attacker with physical access can compromise device operation
      • The same attacker could always hit your device with a hammer.
      Dangerous attack:
      • An attack that is enabled by physical access to one device to compromise another device
  11. 11. The basics
      • No fixed firmware login / passwords
      • Don't allow default login / passwords
  12. 12. The embedded level
      • Disable all debug interfaces in production.
      • Don't use an unprotected filesystem. Do you really need one at all?
      • Make sure you have some secure storage (TPM, cryptoAuth, on-die ...)
      • Ensure per-device unique secrets. A pain in the factory but well worth it.
  13. 13. The booting / upgrading level
      • Secure boot is a must
        • protected on-die flash
        • or signed off-die firmware that only gets executed after verification
      • Upgrades
        • should be OTA and unattended (without user involvement)
        • must be secure & fail-safe
  14. 14. The link / communication level
      • Use standard, well proven encryption protocols: mbed TLS (Apache licensed). This can be squeezed down into less RAM than you think.
      • Be careful with your ciphersuite & signature choices.
  15. 15. Well known fallacies
      • "The MCU has a crypto engine"
        • are you using it properly?
        • how about the rest of the system?
      • "I have some TLS code from the chip supplier"
        • are you using it properly?
        • how long will they maintain it and stay profitable?
      • "I have some (encryption, auth, ...) libraries from my cloud supplier"
        • how much of the threat surface do they cover?
  16. 16. adrian.cismas@avira.com
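
The "per-device unique secrets" tip from slide 12, together with the replay and cloning threats from slide 8 and the "dangerous attack" definition from slide 10, as an added example that is not from the Avira deck. It assumes one possible provisioning scheme (HMAC-SHA256 key derivation from a factory master key, then challenge-response); the serial numbers, the `Backend` class and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed for the demo; in this assumed scheme the master key stays with
# the factory/backend and is never written to any device.
FACTORY_MASTER_KEY = secrets.token_bytes(32)

def derive_device_key(master_key: bytes, serial: str) -> bytes:
    """Factory side: one key per device, bound to its serial number."""
    msg = b"device-key-v1|" + serial.encode()
    return hmac.new(master_key, msg, hashlib.sha256).digest()

def device_response(device_key: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the key without transmitting it."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()

class Backend:
    """Cloud side: re-derives the expected key and issues single-use nonces."""
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._pending = {}  # serial -> nonce issued and not yet consumed

    def challenge(self, serial: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[serial] = nonce
        return nonce

    def verify(self, serial: str, response: bytes) -> bool:
        nonce = self._pending.pop(serial, None)  # consumed on first use
        if nonce is None:
            return False
        key = derive_device_key(self._master, serial)
        return hmac.compare_digest(device_response(key, nonce), response)

def demo():
    backend = Backend(FACTORY_MASTER_KEY)
    # Key as it would sit in device A's secure storage (constructed serials).
    key_a = derive_device_key(FACTORY_MASTER_KEY, "SN-0001")
    # 1. Device A answers its own challenge.
    resp = device_response(key_a, backend.challenge("SN-0001"))
    legit = backend.verify("SN-0001", resp)
    # 2. The captured response is replayed against a fresh challenge.
    backend.challenge("SN-0001")
    replayed = backend.verify("SN-0001", resp)
    # 3. The key extracted from device A is used to pose as device B.
    nonce_b = backend.challenge("SN-0002")
    cross = backend.verify("SN-0002", device_response(key_a, nonce_b))
    return legit, replayed, cross

if __name__ == "__main__":
    print(demo())
```

With a single fixed secret shared by every unit, step 3 would succeed, which is exactly the case slide 10 calls a dangerous attack.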
